Conventionally, a software illegal-use prevention technology has been used to prevent a third party from analyzing a high-security program and illegally using it, as described, for example, in “Protection of software against reverse-analysis (tampering) and alteration (modification)—tamper-resistant software technology—”, pp. 209-220, Nikkei Electronics Vol. No. 706, Jan., 1998”.
One of methods for illegally using software is to use a software debugger etc. to get access to a program in execution for inspecting the behavior of the program by executing the program statement by statement. This is a powerful analysis means for which no complete prevention method is available.
The following describes a dynamic-analysis prevention technology, as one of illegal-use prevention technologies, described in the document mentioned above. FIG. 8 shows the configuration of the technology. Referring to FIG. 8, programs 10 and 20 are programs to be protected by using the illegal-use prevention technology, and a program 60 is a supervisory program, (System Integrity Program SIP) prepared for the illegal-use prevention technology. Note that the programs 10, 20, and 60 each include an alteration detection code module (Integrity Verification Kernel IVK) 32 for detecting alterations that might be effected on the program itself, respectively.
These programs perform authentication (verification) as follows. The program 10 and the program 60 authenticate (verify) the alteration detection code module (IVK) 32 each other according to a communication protocol through digital signature. In this case, if the alteration detection code module 32 is destroyed or altered, processing stops here immediately.
The program 20 and the program 60 authenticate the alteration detection code module 33 each other according to a communication protocol through digital signature. In this case, if the alteration detection code module 32 is destroyed or altered, processing stops here immediately.
This method allows the processing to be caused/suspended, if the alteration detection code module 32 detects that a dynamic analysis was made. In addition, this method performs authentication for two pairs of programs to prevent an illegal use by a third party program that imitates a communication protocol message.